You have some entries there that need removing.
===============
We'll need to unload (not uninstall)
Intermute's SpySubtract, since it might interfere with other program(s) we might be using to 'clean' off your system.
===============
Download, then unzip to "
C:\HJT", the newest version of
HiJackThis;
version 1.99.1. Then repost your log, either now, or after following the steps in the solution (
if provided in this post).
This version has features that might be more helpful in 'cleaning' up your system.
===============
Download
CWShredder 2.14 from
here. Run it and press the *fix,* not scan and allow it to clean the infection.
Close all browser and explorer windows before hitting the fix button.
-
Download, unzip to your desktop
about:Buster and run it, then:
1. Click "
Update".
2. Click "
Check For Update"
(
If no new version is available, skip to step #4.)
3. Click "
Download Update", and wait for it to be installed.
Reboot into safe mode following the instructions
here
4. Run "
about:Buster" again and hit the 'Begin Removal' button.
(
Wait for the initial ADS scan to complete.)
5. Click "Yes", to shutdown any IE session currently open.
(
Wait for the about:blank scan to complete.)
6. Click "
Ok", to scan once more.
7. Click "
Yes", to shutdown any IE sessions currently open.
8. Click "
Yes", to begin the second pass.
9. Click "
Save log", and post this log back along with your new log.
10. Click "
Exit".
11. Click "
Exit".
12. "
Reboot"..
===============
Run
HiJackThis, click "
Scan", then check(tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vplva.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vplva.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vplva.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vplva.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vplva.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vplva.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vplva.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2929CEAE-77FF-75B8-60FC-E12285397CA9} - C:\WINNT\system32\ntvs.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp4,0,2,1.dll (file missing)
O4 - HKLM\..\Run: [msra.exe] C:\WINNT\msra.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
...
(Unless you've set these with an anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
Now, with all windows closed (including Internet Explorer) except
HiJackThis, click "
Fix checked".
===============
Locate and
delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
files...
C:\WINNT\msra.exe
C:\WINNT\system32\vplva.dll
C:\WINNT\system32\ntvs.dll
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're '
in use', try deleting them in "
Safe Mode".
-
Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Let me know how everything goes.
